Posted
by
samzenpuson Thursday December 04, 2008 @12:38AM
from the guarding-the-tubes dept.

strikeleader writes "TechCrunch has an article from an interview with General Kevin Chilton, US STRATCOM commander and the head of all military cyber warfare.
Who protects us? 'Basically no one. At most, a number of loose confederations of computer scientists and engineers who seek to devise better protocols and practices — unincorporated groups like the Internet Engineering Task Force and the North American Network Operators Group. But the fact remains that no one really owns security online, which leads to gated communities with firewalls — a highly unreliable and wasteful way to try to assure security.'"

Not to mention I find it humorous that the government could actually set up a system that protected us from cyber attack. The current system, where everyone fends for themselves, seems much more capable of handling situations since you have more ideas and more setups out there so the strongest ideas will survive. And lets not even go into how well the government tends to manage things...

Of course the internet is used as a military asset. So are carrots, roads, the sky, and, for that matter dirt. The military pioneered the use of human messengers, semaphore, the telegraph (wired, then "wireless"), telephone, radio telecommunications, and bent-pipe ---now increasingly IP enabled-- satellite. Militaries have always made use of telecommunications. The internet is just another medium on the continuum. Sorry if that makes your puppy cry.

All of the other examples you list - from messengers to telegraph to satcom - are technologies. The government's use of these technologies doesn't impact other uses of them in any way. The Internet, on the other hand, is a particular implementation of a technology. If the military wants to use TCP/IP as a military asset, few people would have any problem with that. But the ability to protect something necessarily means having at least some control over it. It means the ability to take action against an

Its like the old days of the wild west. No one really controls the land and you are free to roam and *almost* do as you please. If someone misbehaves a posse is rounded up to take care of the problem, the community helps itself. OSS is the same way.

Hopefully no one entity or group ever takes control of our virtual land.

I had the same problem as you. Living in my parents attic, it was so hot..even in winter. One day while playing doom, I had an idea: Use the chainsaw to free the heat. It took some blood and sweat, but I got the job done. Fly Mr. Heatie, fly!

Back on topic: With all these people trying to control the internet and the FCC auctioning off all the airwaves, I'm ready to become a freebander. Why not just create a radio networking card which uses the analog TV freqs the FCC took away....okay, that would be a bad idea, they'd probably just track us all down.

Then again, maybe playing with pringles cans and "legit" wireless networking, we can interface with our neighbors. Something has to work, or am I just a kook?

When I walk through downtown Baltimore, who is there to protect me? (looks around). I don't see any police around so I'm basically a victim waiting to be robbed by some guy hiding around the next corner. The only real protection is (1) a mutual agreement to respect one another's property, (2) common sense to avoid dangerous areas or obvious scams, and (3) as a last resort self-defense when attacked. The internet operates on the same principles.

not that I'm any kind of expert... but I would think that one could argue that once certain technologies got up to a decent level to allow for things like network cards, long distance communications, encryption, personal computers, etc... something like the internet would be inevitable.

not really that certain.If the internet hadn't grown up from under the radar it very well could have been treated like traditional media.Want to run a server? You better have a liscence just like the TV broadcasters.Want to connect at all? WEll first you have to authenticate with the central government servers so they know who's doing what on the network.

Our greatest defence for years was that nobody knew enough about it to make laws on it. Now that there's real money involved of course the legislators want to make rules even if they don't have a clue what's going on- kinda like with every other situations that governments touch.

Neither is General Chilton, or he would not be talking with a straight face about using the public Internet for secured transmission of military data. He's a fucking idiot if he believes what he's saying and you should not take him seriously just because of his uniform. You're a voter and a taxpayer, right? Don't trust him, treat him as an employee.

... but I would think that one could argue that once certain technologies got up to a decent level to allow for things like network cards, long distance communications, encryption, personal computers, etc... something like the internet would be inevitable.

Yes. What was not inevitable is that military personnel would choose to use publicly available, privately-owned hardware on basically an "honor system" set

I don't see anything in the referenced article about using the public internet for transmission of military data. He is talking about the public internet as a target for offensive action by an enemy with the intention of damaging the country and forcing a surrender, or at least achieving military advantage, by economic means.

Most purchasing is now done electronically, one way or another, and such purchases travel over the Internet. If you jam the Internet, you can seriously bollocks up a production and dis

Your actulally quite right. The internet is a collection of networks not necissarily IP based. A majority of attacks exist on the IP side. Wide area networking technology carries all traffic regaurdless of the payload. If there is an attack on the border of your internal IP network the WAN cares not. If your border is penatrated and a connection is made to create another network, again the WAN doesn't care. Can the internet be taken down? Not if you have skilled and knowledgeable Information Security officers maintaining the network you reside on.

Not if you have skilled and knowledgeable Information Security officers maintaining the network you reside on.

In A.D. 2101War was beginning.[...]CATS: You have no chance to survive make your time.CATS: Ha ha ha ha....General Kevin Chilton: Take off every 'Information Security Officer'!!General Kevin Chilton: You know what you doing.General Kevin Chilton: Move 'Information Security Officer'.General Kevin Chilton: For great justice.

Use of the Internet Protocol defines the Internet. If it's not using IP, it's not part of the Internet. The Internet is a global system of interconnected computer networks that interchange data by packet switching using the standardized Internet Protocol Suite (TCP/IP). (text shamelessly swiped from Wikipedia)

I hope you don't support Net Neutrality, because that is the Trojan Horse for government regulation of the Internet.

And the opposition to it is led by those companies who want to be the looters instead. However, as commonly known, the government is inefficient; so it is also inefficient in censoring the Internet. Thus, government control is preferable to corporate control, because it is less likely to be effective.

Even if the government could offer some form of protection online, I'd be a fool not to protect my own network to the best of my abilities. Using Jonathan Zittrain's logic from TFA, doors must be ineffecient and wasteful too; obviously he has never heard of the concept of defense in depth.

I modded already. I wanted to comment. Had I logged out and posted AC my mod would not have been undone. So I figured, there is a post as AC option, I don't need to bother logging out. Not so. Posting as AC when logged in undoes your mods.

The expression comes from a poem - "Mending Wall" - by Robert Frost, which is an ironic criticism of peoples' need to separate themselves from one another without understanding why - or indeed whether - they should. Walls are by their very nature divisive, and hamper cooperation by design. It is foolish, therefore, just to blindly put them up wherever we can in the name of "security".

To quote:'"Why do they make good neighbors? Isn't itWhere there are cows? But here there are no cows.Before I built a wall

I don't think you want to centralize anything like that, at least not to the exclusion of everyone having local protections. Your firewall is under your control and you can make it as secure or unsecured as you want it.

If you want the cyberspace equivalent of a national army, you're just asking to have lots of power taken away from you and given to someone else. That being said, I think there is a case for prevention of nations attacking other nations en large, or 'war by other means'.

but carry it too far and you end up destroying the global feel of the internet - you'll end up with cyber borders as bad as our real borders - checkpoints you can't cross without 'your papers please'.

If you want the cyberspace equivalent of a national army, you're just asking to have lots of power taken away from you and given to someone else.

All those spammers building botnets, eventually, they're going to become "security companies". Nice web site you've got there, it'd be a shame if no-one could get to it. Once they start collecting taxes from a large enough group of people, they become a "legitimate" police force. After all, they don't want anyone else building a bigger botnet than theirs.

The idea that 'someone' 'owning' 'security' would somehow provide us with more online protection I find unbelievably stupid and ignorant. If you open your eyes you'll realise we wouldn't even have the internet if it weren't for essentially random collections of like-minded people each contributing a piece of the puzzle - it's called evolutionary process, and nothing any businessman or politician has ever invented has come close to it's effectiveness.

...People carried guns for protection.
And individuals who learned to best use their 'protection', with faster assessment of threats and the resulting execution of such with precise accuracy, found they had a satisfactory level of self-protection.
I say, legalize some offensive capabilities for "Internet Users" and set up some general universal use rules. After all, when you point a gun to shoot at someone else, you are tacitly giving them permission to shoot back at you (or even preemptively), hence the

You missed my point, I was making (or at least attempting to make) a fundamental analogy. Not some type of geopolitical statement.
Also, it had nothing to do with the country of Iraq. (And apparently, you have never been held at gunpoint and robbed before.)
There *are* very bad people out there, and some of them use the Internet and do very bad things there too.
Some believe that an individual Internet User should be filtered, 'protected', and passively controlled by bureaucrats, in a fully rubber-padded

If someone breaks into my home and threatens me or my family with a weapon, they die.

Zymergy shot first!!

Thats *your* fallacy. You're assuming that you get a chance to shoot first.

Classic gun-control fallacy. The world does not work that way. People do not work that way. Deterrence works.

Deterrence works, but leads to an arms race.

It'll work as long as there are unarmed homeowners, as they will be "burglars choice" (easier targets). But as soon as everyone has a gun... do you really thing burglars will be extinct? No.. they'll just keep on trying to break into your house (without tripping any alarm) and shoot you while you're still sleeping. Better safe than sorry, you understand.... It's not their fault.. you forced

...and I do not know anyone who carries a gun (except one friend who is in an Police armed response unit) and no-one I know has ever been shot, threatened with a gun, or seen anyone shot (except the aforementioned Police friend)

Where I live (UK) you do not see people with guns (except police and army) and it is normal, except in a very few areas, for people to have no knowledge of gun crime and to know no-one who has ever experienced it...this is what it is like living in a anti-gun society

In the Wild West, people got killed and robbed, and people lived in fear of being visited by bandits. If you needed security for something - a train, or a shop - it was extremely expensive and unreliable. Armed men were frequently killed, since it turns out that when you get shot it doesn't make much difference whether you've got a gun or not.

In contrast, I occasionally have to stand up on my train to work, but it hasn't yet been robbed by armed bandits.

"But the fact remains that no one really owns security online, which leads to gated communities with firewalls -- a highly unreliable and wasteful way to try to assure security."

Actually, it is far more secure that way, if one organization did somehow owned all security online, the internet as a whole would be much less security because now you have a single point of failure. Once someone exploited that vulnerability, the entire Internet as a whole would be affected.
Also I get the feeling from the article that what they are really after is not necessarily security, but CONTROL of the Internet.
Lastly, that man DOES NOT protect the Internet in any way, shape or form. He might be responsible for the USA military Intranet, but that's about it. Stop the fear-mongering already.

"But the fact remains that no one really owns security online, which leads to gated communities with firewalls -- a highly unreliable and wasteful way to try to assure security."

Actually, it is far more secure that way, if one organization did somehow owned all security online, the internet as a whole would be much less security because now you have a single point of failure. Once someone exploited that vulnerability, the entire Internet as a whole would be affected. Also I get the feeling from the article that what they are really after is not necessarily security, but CONTROL of the Internet. Lastly, that man DOES NOT protect the Internet in any way, shape or form. He might be responsible for the USA military Intranet, but that's about it. Stop the fear-mongering already.

Nobody owns security offline either, and nobody should. If you own something, or care about something, you protect it. Some things have additional protection from the police or the military (e.g. I have a reasonable expectation that the police will prevent me from getting beaten up in some circumstances), but in the most part "the authorities" have a fairly punitive deterrent role. But anything that needs special protection gets it: got valuables in your house? Alarm, strong doors, insurance. All privately paid-for and provided. Got valuables on your computer? Backups, firewall, antivirus. Also privately provided.

Basically, the people who care about things know how much they're worth protecting. It isn't sensible to have military-grade security around my old Corolla, but my laptop's pretty secure because it's got a few worthwhile things. If the good General has infrastructure or secrets worth protecting, he should protect them. If it makes sense to exploit economies of scale and worth with other branches of the community, great.

It's also not true that there's a loose confederation of people (Vixie & co) protecting the internet. There are plenty of people around who want to protect or improve their own reputation, and security is one of those ways. If the military wants contact points in the wider security community, they shouldn't be looking for an owner, but they should be working with reality: getting out there making those contacts.

Normally I think such anarchy is stupid, but in this case it actually is common sense.

I disagree. It's a terrible thing that we do not have a force dedicated to cyber security, but I wouldn't call the individual security nets "wasteful".

Is it wasteful to have both an enterprise firewall AND anti-virus software? No, you should have a net at every point possible - especially if we're talking issues where the government would start to be concerned. In that case, the person sitting on the other side of an attack is likely as sophisticated as the highest paid engineers on our side. Redund

Hmm, good job in making me spend more than the typical 2 seconds reading a stupid AC quote. This one is so odd, I just had to sit and see if there was any meaning whatsoever - I still haven't found any. But again - compliments!

I guess the whole point of article, aside from being a scarecrow, is in following part. They probably put it there, in order to hide it from/. crowd...

When Obama appoints a white house CTO, there will at least be an official figurehead in charge of this matter. Proposed candidates for the role currently include Eric Schmidt, Steve Ballmer, Jeff Bezos and Julius Genachowski from IAC.

Emphasis is mine, please be kind to your new -potentially- M$ loving uber-CTO and use only approved root kits, that utilized security holes those are already hot-fixed by people who put them there in the first place, from now on...

Interesting thing is that I am not an American and my political ideology, while my post was not about politics, is far left than the new President's party. I am happy that, idiots like you, who are conforming derogatory "low IQ average American" image are only a minority, according to my experience with USA citizens. This minority is unfortunately is more visible and louder than the rest of population.

This is a really weird analogy, but this reminds me of snow crash - individual areas secured by their owners, and huge unprotected wastes and everything in between. Too far fetched a nerd reference?

Not at all. This is central to the cyberpunk aesthetic, which views society from a hacker's perspective.

Consider the changes in the network, from the days of ruinously expensive proprietary UNIX available only on mainframes at large corporate and academic sites, to the modern age in which any individual's che

and the "internet" is the chaos that arises from connecting all these networks together.

My organization needs to make its own decisions on what policies it need to implement on its network.

Communications between my college and many strange corners of the globe occur daily. If I dropped kerberos at my borders, Xbox wouldn't work anymore, and I would be risking bodily harm from the rioting mobs.

Now, if a federal department had such traffic crossing its borders, they'd have a rapid deployment team there within minutes to figure out what happened.

Anyone who tells you that security can be solved easily is probably trying to sell you something...

... sure, we REALLY do need a massive government agency to babysit the internet. They'll guarantee security and do it for pennies. Right!? Right?? Even better, let the army do it. THEY really know efficiency... What a joke!

But the fact remains that no one really owns security online, which leads to gated communities with firewalls -- a highly unreliable and wasteful way to try to assure security.

And I'm not seeing how this international security issue is much different from any other which pretty much as long as theres been human history has involved patchwork alliances and federations to stipulate, review, and enforce.

The "Internet" has become something of a quandry. It's humble beginnings were brilliantly designed to propogate information, provide a powerful environment for collaboration, and provide an extensible virtual universe for spreading and preserving human thought, and projects of discovery. It's one weakness was that it was designed by intelligent, responsible, and compassionate people expecting that in the vein of collaboration and workability, that future users would be likewise intelligent, responsible, and compassionate.

Much to the chagrin of humanity, a vast hoard of virtual Mongols (or equally apropos "mongrels"), have used the internet as their personal toilet, slim-jim, bludgeon, and/or weapon of mass destruction. Sadly in a free environment, you have to cope with the worst in people, to support and empower that which is best.

The first problem is to get crystal clear about what doesn't work with the current system. Whether the available cures are(n't) worse than the disease, and how we might implement meaningful solutions without breaking, impeding, or prevent those things which are best about the internet. Security means different things to different people. Protecting people from stupidity, laziness, or the worst in their own natures might well render the broad networks by which people collaborate and invent the future, functionally unusable. Making the worst of what people do very difficult, while preserving the general freedom, and clear capacity for people to share ideas, impart mutual wisdom, and promote what Shakespeare referred to as "Our better natures", demands vision, foresight, and a profound commitment to integrity.

The first and most essential thing we can and must do, is create an environment that promotes human enterprise, without selling off the very things than make the internet valuable to people.

First of all, I went to great length to never use the word "MY" anywhere in my comment. I haven't the wisdom or foresight to make such decisions, and I'm not at all clear any single person or even organization does. It would demand serious collaboration with informed and enlightened people with something resembling a common vision

There is a whole lot more going on in the internet than people on soapboxes saying things. If the only cost to humanity were having to listen to an occasional dissenting view, I'd

Who protects us? 'Basically no one. At most, a number of loose confederations of computer scientists and engineers who seek to devise better protocols and practices

I.e. the talented people who developed the technology in the first place, and their successors.

â" unincorporated groups like the Internet Engineering Task Force

You mean the people who managed one of the most staggeringly successful collection of interoperability standards that, post-OOXML, makes the ISO look like a bunch of clowns?

I think we're in safe hands - we'd be in even safer hands if the gubment got on with its job of enforcing the anti-trust laws and fixing the patent system leaving the IETF et. al. to get on with thiers.

After reading the article, it is quite clear that these folks are getting caught up in their own metaphors.
The only reason you need more power is if you need to defend your self from more powerful forces.
On the internet, power, while not equally distributed, is far less disparate than in the 'real world'.
Why do I need an Army? In case another tribe decides they want to secure a resource I want, or decides to infringe on my territory.
What is the equivalent online? Who is this 'defense' supposed to be

you are making Big Brother in George Orwell's "1984" because they will watch your Internet usage to make sure you don't break any laws.

We need to innovate our way out and block virus like code from being transmitted and make better encryption for business transactions.

Also companies cannot leave hard drives with unencrypted credit card and bank account numbers on it so people can steal them and do identity theft with them or sell the list. They should encrypt the list and not leave the decryption key on the

To truly secure any data stream you have to be able to control it at all points from start to end. If people think that government or large group based security is not going to involve a crapload of lobbied for add-ons and censorship they don't understand the nature of lobbyists.

The best kind of Security for an open and free(as in rights) internet is individual security. Our computers are something we (or the local network admin) have control over.

Yess, its very waitsfuls for uss to do its for ourselves. The governments should protects us and handles our internets safeties. Lets the governments do its. ( not sure what I was channeling right there )

Besides, they are soo good at it. I mean, hes got medals to prove it ( not that I am detracting from his awards, I just doubt many of them are in man-in-the-middle warfare ).

My personal favorite part:

Such an attack has the potential to turn the US âoefrom being a superpower to a third-world nation prac

Nobody needs to protect "the internet", you just have to protect "your computer". If there are any security flaws they should be fixed in software. Regulation won't stop crackers/phishers, they already operate without regards to the law.

"Military intelligence" is a known oxymoron. So is "military security."

Dick Marcinko and his RED CELL SEAL Team proved that years ago. They penetrated US Navy nuclear sub bases, Naval Intelligence HQ, US embassies around the world, Air Force One, and got several SEALS with several pounds of C4 within twenty yards of the President's cottage at Camp David.

There is no such think as "military security". Putting these numbnuts in charge of the Internet would be a disaster.